tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: Session timeouts: ignore "periodic polling" URL?
Date Sun, 20 Mar 2011 20:14:43 GMT
 On Sun, 20 Mar 2011 15:40:48 +0100, André Warnier wrote:
> sebb wrote:
>> On 20 March 2011 11:19, André Warnier <aw@ice-sa.com> wrote:
>>> sol myr wrote:
>>>> Hi,
>>>>
>>>> We have a Servelts/JSP application Tomcat6.
>>>> Our javascripts issues automatic, periodic polling requests (Ajax 
>>>> and
>>>> Comet), in order to keep the view  up-to-date.
>>>> Unfortunately this prevents sessions from timing out...
>>>>
>>>> Is there a way to tell Tomcat that some URL shouldn't affect 
>>>> session
>>>> timeouts?
>>>> Namely if for the last 30 minutes, the browser requested nothing 
>>>> but
>>>> "http://server/autoRefresh.do" , then Tomcat should assume the 
>>>> user went
>>>> away from the computer, and kill the session.
>>>>
>>> You may have to explain the logic of this a bit better, because on 
>>> the face
>>> of it, it makes no sense.
>>> Presumably, if you create a session, it is because the application 
>>> needs a
>>> session (aka, needs some information to be preserved between 
>>> individual
>>> requests of the same user/browser).
>>> Then why would you want it to time out ?
>> This is the sort of behaviour one wants for online banking - the
>> session should be logged out if the user does not do anything for a
>> while, even though the page may be doing background requests.
>>
>
> Allright then, I'll buy that, if somewhat reluctantly.
>
> The creation or retrieval of a session, as far as I understand it, is
> totally under application control.
> In other words, if your servlet (or JSP), when it is called, executes
> a HttpServletRequest.getSession() call, then it will retrieve the
> existing session (or create one if none exists yet); and if it does
> not call getSession(), it will not.
 If the browser sends a session-id, tomcat will touch the session and 
 mark it as alive.

 I remember a similar thread not long ago, but I can't find it in the 
 archives. I could
 find a similar thread from 2008 where Christopher gave some answers to 
 this problem[1].

 If OP knows the url-pattern for all its ajax-request, that should be 
 ignored for
 session-keepalive, the parameter in the filter could be dropped. He 
 would just have to
 limit the filter to that url.

 Regards
  Felix

 [1] 
 http://old.nabble.com/Session-expiration-and-AJAX-issues-td15671248.html
>
> In other words, if you want some requests URLs "not to count" (or "be
> excluded") as far as the session mechanism is concerned, then you 
> just
> have to map these requests (URLs) to a servlet/JSP page which does 
> not
> do a getSession().
>
> Of course, if in order to refresh the information in the browser
> page, the application needs to access information stored in the
> session, then you have a problem.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message